ibm-information-center/dist/eclipse/plugins/i5OS.ic.ifs_5.4.0.1/rzaaxntkerb.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Enable QNTC file system for Network Authentication Service" />
<meta name="abstract" content="QNTC allows iSeries access to CIFS servers that support the Kerberos V5 authentication protocol." />
<meta name="description" content="QNTC allows iSeries access to CIFS servers that support the Kerberos V5 authentication protocol." />
<meta name="DC.Relation" scheme="URI" content="rzaaxqntcfs.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakh000.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaaxntkerb" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Enable QNTC file system for Network Authentication Service</title>
</head>
<body id="rzaaxntkerb"><a name="rzaaxntkerb"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Enable QNTC file system for Network Authentication Service</h1>
<div><p><span>QNTC allows iSeries™ access to CIFS servers that support
the Kerberos V5 authentication protocol.</span></p>
<div class="section"><p>Rather than using a LAN manager type password to authenticate
with each server, a properly configured iSeries server will now be able to access
supported CIFS servers with a single logon transaction.</p>
</div>
<div class="section"><p>To enable the Network Authentication
Service (NAS) for use with QNTC, you must configure the items:</p>
</div>
<div class="section"> <ul><li>Network Authentication Service (NAS)</li>
<li>Enterprise Identity Mapping (EIM)</li>
</ul>
</div>
<div class="section"><p>Once the above items have been configured,
you can then enable a user to use NAS with the QNTC file system. The following
steps are needed to allow a user to take advantage of the QNTC NAS support.</p>
</div>
<div class="section"> <ul><li>The user's iSeries user
profile must have the local password management parameter, LCLPWDMGT, set
to <strong>*NO</strong>. By specifying *NO, the user will not have a password to the
system and will not be able to sign on to a 5250 session. <span>The
only access to the system will be through NAS-enabled applications, such as iSeries Navigator
or iSeries Access
5250 Display Emulator.</span><p>If the user specifies
*YES, the password will be managed by the system and the user will be authenticated
without NAS.</p>
</li>
<li>You must have a kerberos ticket and an iSeries Navigator connection.</li>
<li>The kerberos ticket for the iSeries you are using must be forwardable.
To make a ticket forwardable, follow these steps: <ul><li>Access the 'Active Directory Users and Computers'
tool on the KDC for your NAS realm</li>
<li>Select users</li>
<li>Select the name that corresponds to the service principal name</li>
<li>Select Properties</li>
<li>Select the Account tab</li>
<li>In the Account options check 'Account is trusted for delegation'</li>
</ul>
</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaaxqntcfs.htm" title="The QNTC file system provides access to data and objects that are stored on an Integrated xSeries Server for iSeries running Windows NT 4.0 Server or later, or Linux. The QNTC file system also provides access to data and objects that are stored on remote servers running Windows NT 4.0 or later, Linux Samba 3.0 or later, or supported versions of iSeries NetServer.">iSeries NetClient file system (QNTC)</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzakh/rzakh000.htm">Network authentication service</a></div>
<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM)</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="reference" />`
			`<meta name="DC.Title" content="Enable QNTC file system for Network Authentication Service" />`
			`<meta name="abstract" content="QNTC allows iSeries access to CIFS servers that support the Kerberos V5 authentication protocol." />`
			`<meta name="description" content="QNTC allows iSeries access to CIFS servers that support the Kerberos V5 authentication protocol." />`
			`<meta name="DC.Relation" scheme="URI" content="rzaaxqntcfs.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="../rzakh/rzakh000.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="../rzalv/rzalvmst.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzaaxntkerb" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Enable QNTC file system for Network Authentication Service</title>`
			`</head>`
			`<body id="rzaaxntkerb"><a name="rzaaxntkerb"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Enable QNTC file system for Network Authentication Service</h1>`
			`<div><p><span>QNTC allows iSeries™ access to CIFS servers that support`
			`the Kerberos V5 authentication protocol.</span></p>`
			`<div class="section"><p>Rather than using a LAN manager type password to authenticate`
			`with each server, a properly configured iSeries server will now be able to access`
			`supported CIFS servers with a single logon transaction.</p>`
			`</div>`
			`<div class="section"><p>To enable the Network Authentication`
			`Service (NAS) for use with QNTC, you must configure the items:</p>`
			`</div>`
			`<div class="section"> <ul><li>Network Authentication Service (NAS)</li>`
			`<li>Enterprise Identity Mapping (EIM)</li>`
			`</ul>`
			`</div>`
			`<div class="section"><p>Once the above items have been configured,`
			`you can then enable a user to use NAS with the QNTC file system. The following`
			`steps are needed to allow a user to take advantage of the QNTC NAS support.</p>`
			`</div>`
			`<div class="section"> <ul><li>The user's iSeries user`
			`profile must have the local password management parameter, LCLPWDMGT, set`
			`to <strong>NO</strong>. By specifying NO, the user will not have a password to the`
			`system and will not be able to sign on to a 5250 session. <span>The`
			`only access to the system will be through NAS-enabled applications, such as iSeries Navigator`
			`or iSeries Access`
			`5250 Display Emulator.</span><p>If the user specifies`
			`*YES, the password will be managed by the system and the user will be authenticated`
			`without NAS.</p>`
			`</li>`
			`<li>You must have a kerberos ticket and an iSeries Navigator connection.</li>`
			`<li>The kerberos ticket for the iSeries you are using must be forwardable.`
			`To make a ticket forwardable, follow these steps: <ul><li>Access the 'Active Directory Users and Computers'`
			`tool on the KDC for your NAS realm</li>`
			`<li>Select users</li>`
			`<li>Select the name that corresponds to the service principal name</li>`
			`<li>Select Properties</li>`
			`<li>Select the Account tab</li>`
			`<li>In the Account options check 'Account is trusted for delegation'</li>`
			`</ul>`
			`</li>`
			`</ul>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaaxqntcfs.htm" title="The QNTC file system provides access to data and objects that are stored on an Integrated xSeries Server for iSeries running Windows NT 4.0 Server or later, or Linux. The QNTC file system also provides access to data and objects that are stored on remote servers running Windows NT 4.0 or later, Linux Samba 3.0 or later, or supported versions of iSeries NetServer.">iSeries NetClient file system (QNTC)</a></div>
			`</div>`
			`<div class="relinfo"><strong>Related information</strong><br />`
			`<div><a href="../rzakh/rzakh000.htm">Network authentication service</a></div>`
			`<div><a href="../rzalv/rzalvmst.htm">Enterprise Identity Mapping (EIM)</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`